Issues with LDAP group sync

Hey folks, I am running Teamcity 9.0.5 (build 32523) right now and have some trouble getting group sync to work.

Our Ldap has the following setup:

users are in ou=people,cn=users with class posixUser

groups are in ou=groups,cn={groupName} with class posixGroup

members of groups are indentified by the groups memberUid field mapping to user uid.

I set everything up and user sync works fine, but I get this in the logs when syncing groups:


Skipped 12 unknown members during membership synchronization of the remote group '{remoteId='cn=ops,ou=groups,dc=someDC,dc=com', groupKey='OPS', members=12}' as they are not present in the full list of users or groups. Ignored members: '12 members here...'

Anyone know what this is about?

The users ignored are all synced fine and can login to TC via LDAP...
9 comments
Comment actions Permalink

Hi Tobias

The log message has not been preserved. Could you post it once again please.

0
Comment actions Permalink

The log message is:

Skipped 12 unknown members during membership synchronization of the remote group '{remoteId='cn=ops,ou=groups,dc=someDC,dc=com', groupKey='OPS', members=12}' as they are not present in the full list of users or groups. Ignored members: '12 members here...'
0
Comment actions Permalink

I probably should mention that all members of the group were ignored. It's not just some that may be in different CNs

0
Comment actions Permalink

Hi ,
I am also facing the same issue which you have posted.
So do you have any update on this issue??
Were you able to resolve it ? If yes could you please let me know

0
Comment actions Permalink

We got the same issue.
Is there any answer for this problem?

0
Comment actions Permalink

Hello,

Could you please describe the issue in more detail? What TeamCity version is used? Please attach ldap-config.properties file and ldap log.

0
Comment actions Permalink

Hi,

This is ldap logs:

 
[2015-12-21 09:31:28,361]   INFO -     jetbrains.buildServer.LDAP - Last synchronization statistics: user sync enabled=true, created users=0, updated users=0, deleted users=0, remote users=442, matched users=164, group sync enabled=true, created groups=0, updated groups=0, deleted groups=0, remote groups=1, matched groups=0, duration=446ms, errors=1, 
 
errors: [Skipped 20 unknown members during membership synchronization of the remote group '{remoteId='cn=ReleaseEngineering,ou=Groups,dc=xxx,dc=com', groupKey='RELEASE', members=20}' 
 
as they are not present in the full list of users or groups. Ignored members: <20 members> 

Ldap group TC configure:

...
teamcity.options.groups.synchronize=true
teamcity.groups.base=ou=Groups
teamcity.groups.filter=(objectClass=posixGroup)
teamcity.groups.property.member=memberUid

Configuration in ldap-mapping.xml:

<mapping>
  <group-mapping teamcityGroupKey="RELEASE" ldapGroupDn="cn=ReleaseEngineering,ou=Groups,dc=xxx,dc=com" />
</mapping>

TC is able to query LDAP groups:

 
[2015-12-21 09:31:28,072]   INFO -     jetbrains.buildServer.LDAP - Found 47 search results for search base='ou=Groups', filter='(objectClass=posixGroup)', scope=2, attributes=[mail, cn, memberUid, displayName, distinguishedName]

TeamCity version is 9.1.1 (build 37059).
Please let me know if you need more infomation.thanks.

0
Comment actions Permalink

Thank you for provided details. The users from the group "ReleaseEngineering" were skipped:

 
errors: [Skipped 20 unknown members during membership synchronization of the remote group '{remoteId='cn=ReleaseEngineering,ou=Groups,dc=xxx,dc=com', groupKey='RELEASE', members=20}' 

because they are not present in users list ("remote users=442") filtered by teamcity.users.base and teamcity.users.filter properties. Please modify the ldap config file.
0
Comment actions Permalink

Hi Alina,

Thank for your feedback,but the members not in userlist seems not right,as they are able to login TC by LDAP accounts.Futhermore,after modifying ldap config (adjust filter scope),queried users up to 3769 but still got error with group synchronization:

teamcity.users.base=ou=People
teamcity.users.filter=(objectClass=person)

0

Please sign in to leave a comment.